Using BITS to move private data

I'm looking at the possibility of using the BITS (Background Intelligent Transfer Service) to move packets of private data from a central server to individual client machines.  BITS, for those who haven't messed with it, is a really useful service built in to XP and Windows Server 2003 (and available for download for Win2K) that manages background downloading and uploading of data.  It is used by Windows Update, and APIs are available for any application to use it as well.

Cool beans for downloading an automatic update for your application, or for getting an updated data file for your virus scanner.  Even good for applications to share things like domain data (drop-down lists that change infrequently).  It is fine for secure download, since it supports transfer over HTTPS, but doesn't do any verification of the content on the client end... that is up to you.  A few gotchas for secure upload as well, since the temporary file that the data is uploaded into has to be kept secure by code or configuration that is outside of BITS.  Still, a pretty darn useful tool.

Thing is: if I want to create a COLD report on a server, containing large amounts of private data, and download it to a client workstation, using BITS appears problematic.  This is outside of the intent of the service, I know.  I'm just wondering if the visible obstacles would be hard to overcome.  This includes things like controlling access to the file on the server (since the web site in question does not, as of yet, use Active Directory to control access... so there are no group ACLs that I can use.  On the surface, this means that each COLD report is essentially available to everyone... bad for security), and informing the server that the transfer is complete (a web service... I suppose).

Even with HTTPS transfer, we'd need to add bits to ensure that the data arrives secure, intact and unaltered.  Not necessary for downloads of an application update or a virus file, but pretty darn necessary for private data files.
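One way to do the client-side check that BITS leaves to the application, as an added example rather than code from this post or from BITS itself: the server computes an HMAC-SHA256 tag for each report and hands it to the client over a separate authenticated call, and the client verifies the file once the transfer job completes. The function names, the shared per-client key and the report ids are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 64 * 1024  # stream in blocks; COLD reports can be large


def report_tag(key, report_id, path):
    """HMAC-SHA256 over the report id, the file length and the file bytes."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    # Binding id and length stops one valid report being swapped for another.
    mac.update(f"{report_id}\n{os.path.getsize(path)}\n".encode("utf-8"))
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            mac.update(block)
    return mac.hexdigest()


def accept_download(key, report_id, path, expected_tag):
    """Keep the file only if its tag matches; delete it otherwise."""
    if hmac.compare_digest(report_tag(key, report_id, path), expected_tag):
        return True
    os.remove(path)  # do not leave an unverified report on disk
    return False


def demo():
    key = b"constructed-demo-key"  # constructed; use a per-client secret
    body = b"constructed sample report line\n" * 5000
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "report-1001.dat")

        def write(data):
            with open(path, "wb") as fh:
                fh.write(data)

        write(body)
        tag = report_tag(key, "report-1001", path)  # computed by the server
        out["intact"] = accept_download(key, "report-1001", path, tag)
        out["wrong_report"] = accept_download(key, "report-1002", path, tag)
        write(body[:-1] + b"X")  # same length, one byte altered
        out["altered"] = accept_download(key, "report-1001", path, tag)
        out["removed"] = not os.path.exists(path)
    return out


if __name__ == "__main__":
    print(demo())
```

A keyed tag is used instead of a bare hash so that someone who can replace the file on the server share cannot also produce a matching value without the key.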

I'll post a blog entry if I find anything that helps with securing the server file.  I suppose I could write an HTTP Filter that checks a SQL database for authentication before allowing access to static content... (sounds like an excuse to fire up MSN Search...).  If you have suggestions, please post a reply.

Comments

  • Anonymous
    January 06, 2006
    I am sure you have probably already looked into this but here is what I found on Microsoft Technet. Does this help at all?

    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/886d4e5e-83f1-4340-8bc8-793c5f19ee83.mspx

    I think you were right about transferring over HTTPS as that may be the only option here.
  • Anonymous
    January 06, 2006
    The bad thing with BITS (at least, the way that Windows Updates / Automatic Updates use it) is that it fails if you aren't logged into your workstation as an administrator. RunAs on the Windows Update shortcut doesn't cut it; it always fails with an error (a generic error that doesn't accurately describe the situation, too). Also, since I always use a limited account, it makes having Automatic Updates turned on absolutely useless, since it doesn't even start downloading anything since I'm not admin.

    </rant>